A critical vulnerability in Citrix NetScaler (CVE-2025-5777), dubbed “CitrixBleed 2,” was actively exploited before proof-of-concept exploits were released, with detection confirmed by GreyNoise. Authorities and researchers warn that over 120 companies have been compromised, highlighting the urgency of patching affected systems. #CitrixBleed2 #NetScalerVulnerability
Keypoints
- The CitrixBleed 2 vulnerability allows memory leakage and session hijacking through malformed POST requests.
- Active exploitation began on June 23, 2025, nearly two weeks before public PoC releases.
- Citrix was slow to acknowledge active exploitation and was criticized for a lack of transparency.
- Patch updates are available for supported NetScaler versions; unsupported versions require immediate upgrade.
- Over 11.5 million exploitation attempts have been detected, emphasizing the severity of the threat to sectors like finance.